On Fri, Mar 18, 2022 at 9:44 PM Pamela Chestek <pchestek@xxxxxxxxx> wrote: > > Isn't there a much bigger problem, namely "to any person obtaining a copy of this Software to deal in the Software under the copyrights without restriction ..." > > For comparison, the MIT language is: "to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation ..." > > They've added "under the copyrights." I assume the intent was to carve out the trademarks from the grant, but they've also, I would say, carved out patents. I would argue that because the license is specifically for copyrights only one can't imply a license for patents. Interesting, I had overlooked that but this seems significant. As far as I can tell from searching, the Overflow license (the license used here) is the first case of a license that adds "under the copyrights" to that MIT license language. Though this is speculation, given the origins of these projects and what I understand to be the approximate date of launching of the Overflow project it all feels a bit like some lawyer in the Stanford tech transfer office was trying to "pull a fast one", as it were. If the Overflow project (or this license) is actually much older than I am assuming, that would be useful to know though. Richard > As to the trademark question, IMHO I tend to agree with Richard that the license prohibits lawful nominative/referential fair use. The BSD license says "endorse," which does allow for lawful use (a proper nominative fair use would not suggest endorsement). "Promote" is a closer call; if I say "LibreOffice is a fork of OpenOffice" at a time when OpenOffice is more well-known, that might be considered using "OpenOffice" in a promotional way. But since it travels with "endorse," there is an argument that they didn't mean to prohibit a lawful referential use. I don't think that can be said for the Mininet license. I think the intentions may have been good with the Mininet license, but done in a way that probably crosses the line. > > Pam > > On Fri, Mar 18, 2022 at 4:37 PM Richard Fontana <rfontana@xxxxxxxxxx> wrote: >> >> On Fri, Mar 18, 2022 at 4:00 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: >> > >> > On Fri, 18 Mar 2022 at 19:50, Richard Fontana <rfontana@xxxxxxxxxx> wrote: >> > > >> > > On Fri, Mar 18, 2022 at 12:17 PM Iñaki Ucar <iucar@xxxxxxxxxxxxxxxxx> wrote: >> > > > >> > > > On Fri, 18 Mar 2022 at 17:12, Richard Fontana <rfontana@xxxxxxxxxx> wrote: >> > > > > >> > > > > On Fri, Mar 18, 2022 at 11:34 AM Jilayne Lovejoy <jlovejoy@xxxxxxxxxx> wrote: >> > > > > > >> > > > > > Hi, >> > > > > > >> > > > > > This license is closest to MIT, but adds a custom lead-in (groan) at the beginning and a trademark restriction at the end. The authors should not refer to is as "BSD", nor "OSI-Approved" as that is a false statement. They really ought to fix that (or just put it under the regular BSD-3-Clause or MIT!) >> > > > > > >> > > > > > As for being acceptable for Fedora - I'd be curious to hear Richard's thoughts on the trademark restriction. >> > > > > >> > > > > So the clause in question is this: >> > > > > >> > > > > "The name and trademarks of copyright holder(s) may NOT be used in >> > > > > advertising or publicity pertaining to the Software or any derivatives >> > > > > without specific, written prior permission." >> > > > > >> > > > > The license seems to have first appeared in a related project coming >> > > > > out of Stanford, Openflow. The quoted language seems to me to be more >> > > > > restrictive (and also ambiguous) than counterpart language in well >> > > > > known FOSS licenses (e.g. clause 3 of the 3-clause BSD license [SPDX: >> > > > > BSD-3-Clause]). >> > > > > >> > > > > My initial reaction is that this license is not FOSS and thus is not >> > > > > ok for Fedora. >> > > > >> > > > But, we have several MIT variants listed with a similar clause about >> > > > "advertising and publicity": >> > > > https://fedoraproject.org/wiki/Licensing:MIT?rd=Licensing/MIT >> > > >> > > The one here seems closest to what Fedora calls the "NTP variant" and >> > > which is an OSI-approved license under the name NTP license: >> > > https://opensource.org/licenses/NTP (SPDX: NTP). >> > > >> > > The difference is that the mininet license says: >> > > >> > > "The name and trademarks of copyright holder(s) may NOT be used in >> > > advertising or publicity pertaining to the Software or any derivatives >> > > without specific, written prior permission." >> > > >> > > while the NTP counterpart says: >> > > >> > > "and that the name (TrademarkedName) not be used in advertising or >> > > publicity pertaining to distribution of the software without specific, >> > > written prior permission." >> > > >> > > (where '(TrademarkedName)' is a placeholder). I think >> > > "TrademarkedName" may be a questionable choice of placeholder name. >> > > >> > > Anyway, one question is whether the differences between the NTP >> > > license clause and the corresponding Mininet license clause are >> > > significant. One obvious difference is that the "names" you can't use >> > > in the Mininet case are left unspecified. >> > >> > Unspecified? It's the name of the copyright holders. >> >> The trademarks are unspecified, but maybe that's not a significant problem. >> >> The way the NTP license is used in practice is that the specific >> "name" you're not allowed to use is specified in the license notice >> (University of Delaware in the oldest strata of NTP it seems). >> >> > Similarly, the >> > 3-Clause BSD License says: >> > >> > "3. Neither the name of the copyright holder nor the names of its >> > contributors may be used to endorse or promote products derived from >> > this software without specific prior written permission." >> >> Yes but I think "use[] to endorse or to promote" is a little more >> specific than "use[] in advertising or publicity". >> >> > I'll open an issue in their repo to propose switching to a standard >> > text, but if there's a negative answer, would this be a blocker? >> >> I don't know. I think it's a difficult case and requires further >> thought/discussion. I've only thought about this for a couple of hours >> :-) >> >> I feel that the inclusion of "trademarks" here is what is most >> distinctive. Assuming Mininet itself is a trademark of the copyright >> holders, why shouldn't I be able to say truthfully in some publicity >> statement that my fork of Mininet is based on Mininet (without >> notionally breaching the license)? This is different from licenses >> that require me to rename my fork to something else. It's also >> somewhat different from how the NTP license says I can't use the name >> "University of Delaware" when advertising my distribution of NTP or a >> derivative of NTP. >> >> I'd be somewhat curious to find out why Openflow decided to use this >> license, where they got it from, and how long they were using it. >> >> > >> > Iñaki >> > >> > > Another issue is that Fedora has had a pragmatic approach to approving >> > > old (typically minimalist permissive) licenses that takes into account >> > > the age of the license and the software it's historically associated >> > > with. I don't think this has been documented and I think it's >> > > something we ought to include in the material on standards for Fedora >> > > license approval Jilayne and I have been working on. Red Hat has taken >> > > the same approach in its review of RHEL package licenses identified >> > > through scanning tools. Basically, we are more forgiving with >> > > relatively old licenses. We apply higher standards for newer licenses >> > > associated with more recent projects, with the dividing line being >> > > roughly late 1990s/early 2000s (when the concept of FOSS license >> > > standardization began to take root). Some old licenses of this sort >> > > still end up being unapproved for Fedora, most famously SunRPC. >> > > >> > > The NTP license seems to be *really* old, apparently originating with >> > > the University of Delaware in the early 1990s if not earlier. The >> > > Mininet/Openflow license as far as I can tell from the quickest >> > > research doesn't seem to go back further than ~2012, which is "recent" >> > > for purposes of the standard I'm talking about. If anyone has further >> > > information on these points it would be helpful. Maybe the Openflow >> > > license was actually copied from some much older source -- it >> > > certainly looks like it. >> > > >> > > Richard >> > > >> > > > >> > > > Iñaki >> > > > >> > > > > Also a pretty good example of how upstream license metadata is untrustworthy. >> > > > > >> > > > > Richard >> > > > > >> > > > > > >> > > > > > Thanks, >> > > > > > Jilayne >> > > > > > >> > > > > > On 3/18/22 9:21 AM, Iñaki Ucar wrote: >> > > > > > >> > > > > > Hi, >> > > > > > >> > > > > > Is this license [1] acceptable for Fedora and what would be the >> > > > > > appropriate identifier for the License field? It seems to me some sort >> > > > > > of BSD, and in fact the authors themselves identify it as such in the >> > > > > > setup.py file [2], but I'd like to be sure. >> > > > > > >> > > > > > [1] https://github.com/mininet/mininet/blob/master/LICENSE >> > > > > > [2] https://github.com/mininet/mininet/blob/master/setup.py >> > > > > >> > > > >> > > > >> > > > -- >> > > > Iñaki Úcar >> > > > >> > > >> > >> > >> > -- >> > Iñaki Úcar >> > >> >> >> -- >> _______________________________________________ >> legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx >> To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx >> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ >> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines >> List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx >> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure _______________________________________________ legal mailing list -- legal@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to legal-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/legal@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
